Summary:
63 new OPEN, 81 new PRO (63 + 18)
Thanks @AikidoSecurity
Added rules:
Open:
- 2062229 - ET INFO DYNAMIC_DNS Query to a *.faizinternational .com .np domain (info.rules)
- 2062230 - ET INFO DYNAMIC_DNS HTTP Request to a *.faizinternational .com .np domain (info.rules)
- 2062231 - ET INFO DYNAMIC_DNS Query to a *.brianpuppy .com domain (info.rules)
- 2062232 - ET INFO DYNAMIC_DNS HTTP Request to a *.brianpuppy .com domain (info.rules)
- 2062233 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (animatcxju .live) (malware.rules)
- 2062234 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (animatcxju .live) in TLS SNI (malware.rules)
- 2062235 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (blackljjwc .run) (malware.rules)
- 2062236 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (blackljjwc .run) in TLS SNI (malware.rules)
- 2062237 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (blackswmxc .top) (malware.rules)
- 2062238 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (blackswmxc .top) in TLS SNI (malware.rules)
- 2062239 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (interpwthc .digital) (malware.rules)
- 2062240 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (interpwthc .digital) in TLS SNI (malware.rules)
- 2062241 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (overcovtcg .top) (malware.rules)
- 2062242 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (overcovtcg .top) in TLS SNI (malware.rules)
- 2062243 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zmedtipp .live) (malware.rules)
- 2062244 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (zmedtipp .live) in TLS SNI (malware.rules)
- 2062245 - ET EXPLOIT_KIT DollyWay v3 PHP TDS Redirect M2 (exploit_kit.rules)
- 2062246 - ET MALWARE RedExt C2 Agent Register (malware.rules)
- 2062247 - ET MALWARE RedExt C2 Agent Exfiltration (malware.rules)
- 2062248 - ET MALWARE RedExt C2 Agent Beacon (malware.rules)
- 2062249 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clatteqrpq .digital) (malware.rules)
- 2062250 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (clatteqrpq .digital) in TLS SNI (malware.rules)
- 2062251 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enumermbzz .live) (malware.rules)
- 2062252 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (enumermbzz .live) in TLS SNI (malware.rules)
- 2062253 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (voznessxyy .life) (malware.rules)
- 2062254 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (voznessxyy .life) in TLS SNI (malware.rules)
- 2062255 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ninepicchf .bet) (malware.rules)
- 2062256 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ninepicchf .bet) in TLS SNI (malware.rules)
- 2062257 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (albizzcdlv .digital) (malware.rules)
- 2062258 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (albizzcdlv .digital) in TLS SNI (malware.rules)
- 2062259 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aigjmr .digital) (malware.rules)
- 2062260 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aigjmr .digital) in TLS SNI (malware.rules)
- 2062261 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lancery .digital) (malware.rules)
- 2062262 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lancery .digital) in TLS SNI (malware.rules)
- 2062263 - ET WEB_SPECIFIC_APPS D-Link DI-8100 ddos.asp multiple parameters Buffer Overflow Attempt (CVE-2025-4544) (web_specific_apps.rules)
- 2062264 - ET WEB_SPECIFIC_APPS H3C Magic NX15 /wizard Multiple Endpoints Command Injection Attempt (CVE-2025-2725) (web_specific_apps.rules)
- 2062265 - ET WEB_SPECIFIC_APPS GLiNet GL-AX1800 s2s API Command Injection Attempt (CVE-2024-39226) (web_specific_apps.rules)
- 2062266 - ET WEB_SPECIFIC_APPS JCM JIR-AC681 systools.asp Command Injection Attempt (web_specific_apps.rules)
- 2062267 - ET INFO DYNAMIC_DNS Query to a *.skamaria .net domain (info.rules)
- 2062268 - ET INFO DYNAMIC_DNS HTTP Request to a *.skamaria .net domain (info.rules)
- 2062269 - ET INFO DYNAMIC_DNS Query to a *.richsfamilyonline .net domain (info.rules)
- 2062270 - ET INFO DYNAMIC_DNS HTTP Request to a *.richsfamilyonline .net domain (info.rules)
- 2062271 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (araucahkbm .live) (malware.rules)
- 2062272 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (araucahkbm .live) in TLS SNI (malware.rules)
- 2062273 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (easterxeen .run) (malware.rules)
- 2062274 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (easterxeen .run) in TLS SNI (malware.rules)
- 2062275 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (featurlyin .top) (malware.rules)
- 2062276 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (featurlyin .top) in TLS SNI (malware.rules)
- 2062277 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (flowerexju .bet) (malware.rules)
- 2062278 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (flowerexju .bet) in TLS SNI (malware.rules)
- 2062279 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (posseswsnc .top) (malware.rules)
- 2062280 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (posseswsnc .top) in TLS SNI (malware.rules)
- 2062281 - ET WEB_SPECIFIC_APPS Tenda AC10 setPptpUserList list Parameter Buffer Overflow Attempt (CVE-2025-45779) (web_specific_apps.rules)
- 2062282 - ET EXPLOIT D-Link HNAP - Request Remote Buffer Overflow M1 (CVE-2014-3936) (exploit.rules)
- 2062283 - ET MALWARE RATatouille rand-user-agent Supply Chain Compromise CnC Activity (POST) (malware.rules)
- 2062284 - ET EXPLOIT D-Link HNAP - Request Remote Buffer Overflow M2 (CVE-2014-3936) (exploit.rules)
- 2062285 - ET EXPLOIT D-Link HNAP - Request Remote Buffer Overflow M3 (CVE-2014-3936) (exploit.rules)
- 2062286 - ET MALWARE RATatouille rand-user-agent Supply Chain Compromise CnC Activity (WebSocket) (malware.rules)
- 2062287 - ET MALWARE RATatouille rand-user-agent Supply Chain Compromise CnC Command Inbound (ss_dir) (malware.rules)
- 2062288 - ET MALWARE RATatouille rand-user-agent Supply Chain Compromise CnC Command Inbound (ss_fcd:) (malware.rules)
- 2062289 - ET MALWARE RATatouille rand-user-agent Supply Chain Compromise CnC Command Inbound (ss_upf:) (malware.rules)
- 2062290 - ET MALWARE RATatouille rand-user-agent Supply Chain Compromise CnC Command Inbound (ss_upd:) (malware.rules)
- 2062291 - ET MALWARE RATatouille rand-user-agent Supply Chain Compromise CnC Command Inbound (ss_stop:) (malware.rules)
Pro:
- 2861628 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2861629 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2861630 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2861631 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2861632 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2861633 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2861634 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2861635 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2861636 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2861637 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2861638 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2861639 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2861640 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2861641 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2861642 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2861643 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2861644 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
- 2861645 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)